package com.travel.commons.filter;

import com.travel.commons.exception.RRException;
import org.apache.commons.lang.StringUtils;

import java.util.Locale;

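/**
 * Blacklist-based SQL sanitiser for untrusted fragments (typically sort field / order
 * parameters) that end up concatenated into a statement.
 *
 * <p>This is defence in depth only, not a security boundary: a denylist can never
 * enumerate every way to build a harmful expression, so callers must still either use
 * bind parameters or validate identifiers against an explicit allowlist of column names.
 * Matching is by substring, so legitimate identifiers that embed a keyword
 * (e.g. {@code updated_at}, which contains "update") are rejected — callers that hit this
 * should allowlist the column instead of relaxing the filter.
 */
public class SQLFilter {
    /**
     * Substrings rejected outright once the input has been normalised
     * (quotes / terminators stripped, lower-cased with {@link Locale#ROOT}).
     */
    private static final String[] BLOCKED_TOKENS = {
            // Comment introducers: let an attacker truncate whatever follows the injected fragment.
            "--", "/*", "*/", "#",
            // Statement keywords.
            "select", "insert", "delete", "update", "drop", "alter", "declare", "master", "truncate",
            // Set operator and timing functions used for UNION- and time-based blind injection.
            "union", "sleep", "benchmark"
    };

    /**
     * Strips quote, statement-terminator and escape characters from {@code str}, lower-cases
     * it, and rejects it if it still contains any blacklisted token.
     *
     * @param str untrusted input; may be {@code null} or blank
     * @return {@code null} when {@code str} is blank, otherwise the stripped, lower-cased value
     * @throws RRException if the normalised value contains a blacklisted token
     */
    public static String sqlInject(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }

        // Remove characters that could close a string literal, end the statement, or escape.
        String cleaned = str;
        for (String stripped : new String[] {"'", "\"", ";", "\\"}) {
            cleaned = StringUtils.replace(cleaned, stripped, "");
        }

        // Locale.ROOT is required: under a Turkish default locale "INSERT".toLowerCase()
        // yields "ınsert" (dotless ı), which would slip past the "insert" check below.
        cleaned = cleaned.toLowerCase(Locale.ROOT);

        for (String token : BLOCKED_TOKENS) {
            if (cleaned.contains(token)) {
                throw new RRException("包含非法字符");
            }
        }
        return cleaned;
    }
}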
